@pagopa/io-react-native-wallet 0.7.4 → 0.9.0
- package/README.md +49 -31
- package/lib/commonjs/credential/index.js +13 -0
- package/lib/commonjs/credential/index.js.map +1 -0
- package/lib/commonjs/credential/issuance/01-start-flow.js +2 -0
- package/lib/commonjs/credential/issuance/01-start-flow.js.map +1 -0
- package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +26 -0
- package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +119 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -0
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +6 -0
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js +63 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -0
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +128 -0
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/07-confirm-credential.js +6 -0
- package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/const.js +9 -0
- package/lib/commonjs/credential/issuance/const.js.map +1 -0
- package/lib/commonjs/credential/issuance/index.js +34 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -0
- package/lib/commonjs/credential/presentation/01-start-flow.js +55 -0
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -0
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +32 -0
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
- package/lib/commonjs/credential/presentation/03-get-request-object.js +68 -0
- package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -0
- package/lib/commonjs/credential/presentation/04-send-authorization-response.js +139 -0
- package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map +1 -0
- package/lib/commonjs/credential/presentation/index.js +34 -0
- package/lib/commonjs/credential/presentation/index.js.map +1 -0
- package/lib/commonjs/{rp → credential/presentation}/types.js +17 -34
- package/lib/commonjs/credential/presentation/types.js.map +1 -0
- package/lib/commonjs/index.js +10 -61
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +1 -3
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +1 -1
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -1
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/trust/chain.js +32 -4
- package/lib/commonjs/trust/chain.js.map +1 -1
- package/lib/commonjs/trust/index.js +105 -20
- package/lib/commonjs/trust/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +54 -35
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +5 -18
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/misc.js +23 -0
- package/lib/commonjs/utils/misc.js.map +1 -0
- package/lib/commonjs/utils/par.js +86 -0
- package/lib/commonjs/utils/par.js.map +1 -0
- package/lib/module/credential/index.js +4 -0
- package/lib/module/credential/index.js.map +1 -0
- package/lib/module/credential/issuance/01-start-flow.js +2 -0
- package/lib/module/credential/issuance/01-start-flow.js.map +1 -0
- package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +19 -0
- package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js +109 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -0
- package/lib/module/credential/issuance/04-complete-user-authorization.js +2 -0
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -0
- package/lib/module/credential/issuance/05-authorize-access.js +55 -0
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -0
- package/lib/module/credential/issuance/06-obtain-credential.js +117 -0
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -0
- package/lib/module/credential/issuance/07-confirm-credential.js +2 -0
- package/lib/module/credential/issuance/07-confirm-credential.js.map +1 -0
- package/lib/module/credential/issuance/const.js +2 -0
- package/lib/module/credential/issuance/const.js.map +1 -0
- package/lib/module/credential/issuance/index.js +6 -0
- package/lib/module/credential/issuance/index.js.map +1 -0
- package/lib/module/credential/presentation/01-start-flow.js +46 -0
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -0
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js +25 -0
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
- package/lib/module/credential/presentation/03-get-request-object.js +60 -0
- package/lib/module/credential/presentation/03-get-request-object.js.map +1 -0
- package/lib/module/credential/presentation/04-send-authorization-response.js +128 -0
- package/lib/module/credential/presentation/04-send-authorization-response.js.map +1 -0
- package/lib/module/credential/presentation/index.js +6 -0
- package/lib/module/credential/presentation/index.js.map +1 -0
- package/lib/module/credential/presentation/types.js +21 -0
- package/lib/module/credential/presentation/types.js.map +1 -0
- package/lib/module/index.js +4 -5
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -2
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/sd-jwt/index.js +1 -1
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -1
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/trust/chain.js +30 -3
- package/lib/module/trust/chain.js.map +1 -1
- package/lib/module/trust/index.js +99 -16
- package/lib/module/trust/index.js.map +1 -1
- package/lib/module/trust/types.js +50 -31
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +2 -15
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/misc.js +17 -0
- package/lib/module/utils/misc.js.map +1 -0
- package/lib/module/utils/par.js +74 -0
- package/lib/module/utils/par.js.map +1 -0
- package/lib/typescript/credential/index.d.ts +4 -0
- package/lib/typescript/credential/index.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/01-start-flow.d.ts +11 -0
- package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +18 -0
- package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +31 -0
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +16 -0
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts +26 -0
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +32 -0
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +11 -0
- package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/const.d.ts +2 -0
- package/lib/typescript/credential/issuance/const.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/index.d.ts +10 -0
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +20 -0
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +18 -0
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts +25 -0
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts +34 -0
- package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/index.d.ts +7 -0
- package/lib/typescript/credential/presentation/index.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/types.d.ts +49 -0
- package/lib/typescript/credential/presentation/types.d.ts.map +1 -0
- package/lib/typescript/index.d.ts +4 -5
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -2
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +2 -2
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +5 -5
- package/lib/typescript/trust/chain.d.ts +12 -3
- package/lib/typescript/trust/chain.d.ts.map +1 -1
- package/lib/typescript/trust/index.d.ts +198 -24
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +1299 -623
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +1 -1
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/dpop.d.ts +2 -2
- package/lib/typescript/utils/misc.d.ts +8 -0
- package/lib/typescript/utils/misc.d.ts.map +1 -0
- package/lib/typescript/utils/par.d.ts +68 -0
- package/lib/typescript/utils/par.d.ts.map +1 -0
- package/package.json +2 -2
- package/src/credential/index.ts +4 -0
- package/src/credential/issuance/01-start-flow.ts +10 -0
- package/src/credential/issuance/02-evaluate-issuer-trust.ts +31 -0
- package/src/credential/issuance/03-start-user-authorization.ts +138 -0
- package/src/credential/issuance/04-complete-user-authorization.ts +17 -0
- package/src/credential/issuance/05-authorize-access.ts +92 -0
- package/src/credential/issuance/06-obtain-credential.ts +179 -0
- package/src/credential/issuance/07-confirm-credential.ts +14 -0
- package/src/credential/issuance/const.ts +2 -0
- package/src/credential/issuance/index.ts +32 -0
- package/src/credential/presentation/01-start-flow.ts +51 -0
- package/src/credential/presentation/02-evaluate-rp-trust.ts +33 -0
- package/src/credential/presentation/03-get-request-object.ts +85 -0
- package/src/credential/presentation/04-send-authorization-response.ts +168 -0
- package/src/credential/presentation/index.ts +26 -0
- package/src/credential/presentation/types.ts +27 -0
- package/src/index.ts +7 -28
- package/src/pid/index.ts +1 -2
- package/src/sd-jwt/index.ts +2 -2
- package/src/sd-jwt/types.ts +1 -1
- package/src/trust/chain.ts +45 -3
- package/src/trust/index.ts +136 -19
- package/src/trust/types.ts +57 -35
- package/src/utils/crypto.ts +2 -20
- package/src/utils/misc.ts +23 -0
- package/src/utils/par.ts +103 -0
- package/lib/commonjs/pid/issuing.js +0 -276
- package/lib/commonjs/pid/issuing.js.map +0 -1
- package/lib/commonjs/rp/__test__/index.test.js +0 -172
- package/lib/commonjs/rp/__test__/index.test.js.map +0 -1
- package/lib/commonjs/rp/index.js +0 -239
- package/lib/commonjs/rp/index.js.map +0 -1
- package/lib/commonjs/rp/types.js.map +0 -1
- package/lib/module/pid/issuing.js +0 -266
- package/lib/module/pid/issuing.js.map +0 -1
- package/lib/module/rp/__test__/index.test.js +0 -168
- package/lib/module/rp/__test__/index.test.js.map +0 -1
- package/lib/module/rp/index.js +0 -228
- package/lib/module/rp/index.js.map +0 -1
- package/lib/module/rp/types.js +0 -36
- package/lib/module/rp/types.js.map +0 -1
- package/lib/typescript/pid/issuing.d.ts +0 -57
- package/lib/typescript/pid/issuing.d.ts.map +0 -1
- package/lib/typescript/rp/__test__/index.test.d.ts +0 -2
- package/lib/typescript/rp/__test__/index.test.d.ts.map +0 -1
- package/lib/typescript/rp/index.d.ts +0 -43
- package/lib/typescript/rp/index.d.ts.map +0 -1
- package/lib/typescript/rp/types.d.ts +0 -122
- package/lib/typescript/rp/types.d.ts.map +0 -1
- package/src/pid/issuing.ts +0 -405
- package/src/rp/__test__/index.test.ts +0 -250
- package/src/rp/index.ts +0 -287
- package/src/rp/types.ts +0 -42
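--- a/package/README.md
+++ b/package/README.md
@@ -46,43 +46,24 @@ This package is compatibile with any http client which implements [Fetch API](ht
 
 </details>
 
-###
+### Credential
 
-
+Credential Issuance and Presentation flows are defined in under `src/credential/issuance` and `src/credential/presentation`.
+Each flow exposes in the public API a function definition for each step. Some step also has an implementation; for those that have no implementation, the App is expected to fullfil.
+
+#### Issuance
 
 ```ts
-import {
-
-
-
-
+import { Credential } from "@pagopa/io-react-native-wallet";
+
+// Retrieve Issuer configuration and evaluate trust
+const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(...);
+
+// Obtain the directions to perform user authorization
+const { clientId, requestUri } = await Credential.Issuance.startUserAuthorization(...);
 
-// Obtain PID metadata
-const pidEntityConfiguration = await getCredentialIssuerEntityConfiguration(
-"https://pid-provider.example"
-);
 
-// Auth Token request
-const authRequest = PID.Issuing.authorizeIssuing({ wiaCryptoContext });
-const authConf = await authRequest(
-/* signed instance attestation */ instanceAttestation,
-/* the relative wallet provided */ walletProviderBaseUrl,
-pidEntityConfiguration
-);
 
-// Credential request
-const credentialRequest = PID.Issuing.getCredential({ pidCryptoContext });
-const pid = await credentialRequest(
-authConf,
-pidEntityConfiguration,
-/* Some personal data */
-{
-birthDate: "01/01/1990",
-fiscalCode: "AAABBB00A00A000A",
-name: "NAME",
-surname: "SURNAME",
-}
-);
 ```
 
 #### Encode and Decode
@@ -175,6 +156,43 @@ const result = await sendAuthorizationResponse(requestObj, [
 ]);
 ```
 
+### Trust Model
+
+#### Fetch federation entity statements
+
+```ts
+import {
+// generic statement
+getEntityStatement,
+getEntityConfiguration,
+// statement with shape parsing
+getCredentialIssuerEntityConfiguration,
+getRelyingPartyEntityConfiguration,
+getTrustAnchorEntityConfiguration,
+getWalletProviderEntityConfiguration,
+} from "@pagopa/io-react-native-wallet";
+```
+
+#### Validate trust
+
+```ts
+import {
+verifyTrustChain,
+getTrustAnchorEntityConfiguration,
+} from "@pagopa/io-react-native-wallet";
+
+const trustChain = ["ejJ0eX...", "eyG5eX...", "erU9eX..."];
+const trustChainEC = await getTrustAnchorEntityConfiguration(
+"https://trust-anchor.example"
+);
+
+// Validate a given trust chain offline (no renewal on failures)
+await verifyTrustChain(trustChainEC, trustChain);
+
+// Validate a given trust chain online (try to renew on failures)
+await verifyTrustChain(trustChainEC, trustChain, { renewOnFail: true });
+```
+
 ## Example
 
 ### NodeJS and Ruby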
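--- a/package/lib/commonjs/credential/index.js
+++ b/package/lib/commonjs/credential/index.js
@@ -0,0 +1,13 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.Presentation = exports.Issuance = void 0;
+var Issuance = _interopRequireWildcard(require("./issuance"));
+exports.Issuance = Issuance;
+var Presentation = _interopRequireWildcard(require("./presentation"));
+exports.Presentation = Presentation;
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+//# sourceMappingURL=index.js.map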
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["Issuance","_interopRequireWildcard","require","exports","Presentation","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../src","sources":["credential/index.ts"],"mappings":";;;;;;AAAA,IAAAA,QAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAuCC,OAAA,CAAAH,QAAA,GAAAA,QAAA;AACvC,IAAAI,YAAA,GAAAH,uBAAA,CAAAC,OAAA;AAA+CC,OAAA,CAAAC,YAAA,GAAAA,YAAA;AAAA,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/01-start-flow.ts"],"mappings":""}
|
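--- a/package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js
+++ b/package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js
@@ -0,0 +1,26 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.evaluateIssuerTrust = void 0;
+var _trust = require("../../trust");
+/**
+* The Issuer trust evaluation phase.
+* Fetch the Issuer's configuration and verify trust.
+*
+* @param issuerUrl The base url of the Issuer
+* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+* @returns The Issuer's configuration
+*/
+const evaluateIssuerTrust = async function (issuerUrl) {
+let context = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+const issuerConf = await (0, _trust.getCredentialIssuerEntityConfiguration)(issuerUrl, {
+appFetch: context.appFetch
+}).then(_ => _.payload.metadata);
+return {
+issuerConf
+};
+};
+exports.evaluateIssuerTrust = evaluateIssuerTrust;
+//# sourceMappingURL=02-evaluate-issuer-trust.js.map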
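Review bot: Nothing visible in `evaluateIssuerTrust` verifies trust, although its doc comment says "Fetch the Issuer's configuration and verify trust": the body only awaits `getCredentialIssuerEntityConfiguration(issuerUrl, …)` and returns `payload.metadata`. Unless that helper validates the statement signature and the chain up to a trust anchor (its code is outside this section), the PAR, authorization and token endpoints later read from `issuerConf` come from a document whose authenticity was never checked. Either run `verifyTrustChain` here before returning, or make the contract explicit in the comment, e.g. `* Fetch the Issuer's configuration. Trust chain validation must be done by the caller with verifyTrustChain.` This file is compiled output, so the edit belongs in `src/credential/issuance/02-evaluate-issuer-trust.ts`.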
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["_trust","require","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","getCredentialIssuerEntityConfiguration","appFetch","then","_","payload","metadata","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAM,IAAAC,6CAAsC,EAACN,SAAS,EAAE;IACzEO,QAAQ,EAAEN,OAAO,CAACM;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEN;EAAW,CAAC;AACvB,CAAC;AAACO,OAAA,CAAAb,mBAAA,GAAAA,mBAAA"}
|
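--- a/package/lib/commonjs/credential/issuance/03-start-user-authorization.js
+++ b/package/lib/commonjs/credential/issuance/03-start-user-authorization.js
@@ -0,0 +1,119 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.startUserAuthorization = void 0;
+var z = _interopRequireWildcard(require("zod"));
+var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
+var _par = require("../../utils/par");
+var _decoder = require("../../utils/decoder");
+var _misc = require("../../utils/misc");
+var _const = require("./const");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const selectCredentialDefinition = (issuerConf, credentialType) => {
+const {
+credentials_supported
+} = issuerConf.openid_credential_issuer;
+const [result] = credentials_supported.filter(e => e.credential_definition.type.includes(credentialType)).map(e => ({
+credential_definition: {
+type: credentialType
+},
+format: e.format,
+type: "openid_credential"
+}));
+if (!result) {
+throw new Error(`No credential support the type '${credentialType}'`);
+}
+return result;
+};
+const decodeAuthorizationResponse = async raw => {
+const {
+decodedJwt: {
+payload
+}
+} = await (0, _decoder.getJwtFromFormPost)(raw);
+
+/**
+* FIXME: [SIW-628] This step must not make any difference on the credential
+* we are authorizing for, being a PID or any other (Q)EAA.
+*
+* Currently, PID issuer is implemented to skip the CompleteUserAuthorization step
+* thus returning a stubbed (code, state) pair.
+*
+* This is a workaround to proceeed the flow anyway.
+* If the response does not map what expected (CorrectShape),
+* we try parse into (code, state) to check if we are in the PID scenario.
+* In that case, a stub value is returned (will not be evaluated anyway).
+*
+* This workaround will be obsolete once the PID issuer fixes its implementation
+*/
+const CorrectShape = z.object({
+request_uri: z.string()
+});
+const WrongShapeForPID = z.object({
+code: z.string(),
+state: z.string()
+});
+const [correct, wrong] = [CorrectShape.safeParse(payload), WrongShapeForPID.safeParse(payload)];
+if (correct.success) {
+return correct.data;
+} else if (wrong.success) {
+return {
+request_uri: "https://fake-request-uri"
+};
+}
+throw correct.error;
+};
+/**
+* Start the User authorization phase.
+* Perform the Pushed Authorization Request as defined in OAuth 2.0 protocol.
+*
+* @param issuerConf The Issuer configuration
+* @param credentialType The type of the credential to be requested
+* @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
+* @param context.walletInstanceAttestation The Wallet Instance Attestation token
+* @param context.walletProviderBaseUrl The base url of the Wallet Provider
+* @param context.additionalParams Hash set of parameters to be passed to the authorization endpoint
+* (used as a temporary fix until we have a proper User identity in the PID token provider)
+* TODO: [SIW-630]
+* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+* @returns The request uri to continue the authorization to
+*/
+const startUserAuthorization = async (issuerConf, credentialType, ctx) => {
+const {
+wiaCryptoContext,
+walletInstanceAttestation,
+walletProviderBaseUrl,
+additionalParams = {},
+appFetch = fetch
+} = ctx;
+const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+const codeVerifier = `${_reactNativeUuid.default.v4()}`;
+// Make a PAR request to the credential issuer and return the response url
+const parUrl = issuerConf.openid_credential_issuer.pushed_authorization_request_endpoint;
+const getPar = (0, _par.makeParRequest)({
+wiaCryptoContext,
+appFetch
+});
+const issuerRequestUri = await getPar(clientId, codeVerifier, walletProviderBaseUrl, parUrl, walletInstanceAttestation, [selectCredentialDefinition(issuerConf, credentialType)], _const.ASSERTION_TYPE);
+
+// Initialize authorization by requesting the authz request uri
+const authzRequestEndpoint = issuerConf.openid_credential_issuer.authorization_endpoint;
+const params = new URLSearchParams({
+client_id: clientId,
+request_uri: issuerRequestUri,
+...additionalParams
+});
+const {
+request_uri
+} = await appFetch(`${authzRequestEndpoint}?${params}`).then((0, _misc.hasStatus)(200)).then(res => res.text()).then(decodeAuthorizationResponse);
+return {
+requestUri: request_uri,
+clientId
+};
+};
+exports.startUserAuthorization = startUserAuthorization;
+//# sourceMappingURL=03-start-user-authorization.js.map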
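Review bot: In `startUserAuthorization`, `...additionalParams` is spread after `client_id` and `request_uri` when the `URLSearchParams` is built, so a caller-supplied key with either name silently replaces the client identifier or the request URI returned by the PAR call. Put the protocol values last so they always win: `new URLSearchParams({ ...additionalParams, client_id: clientId, request_uri: issuerRequestUri })`. Separately, `codeVerifier` is a v4 UUID string of 36 characters; if it is used as the PKCE code_verifier, as the name suggests, RFC 7636 requires 43 to 128 characters, and whether `react-native-uuid` draws from a CSPRNG is not visible here and should be confirmed. This file is compiled output, so the edits belong in `src/credential/issuance/03-start-user-authorization.ts`.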
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_par","_decoder","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","selectCredentialDefinition","issuerConf","credentialType","credentials_supported","openid_credential_issuer","result","filter","e","credential_definition","type","includes","map","format","Error","decodeAuthorizationResponse","raw","decodedJwt","payload","getJwtFromFormPost","CorrectShape","object","request_uri","string","WrongShapeForPID","code","state","correct","wrong","safeParse","success","data","error","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","walletProviderBaseUrl","additionalParams","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","uuid","v4","parUrl","pushed_authorization_request_endpoint","getPar","makeParRequest","issuerRequestUri","ASSERTION_TYPE","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","hasStatus","res","text","requestUri","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AAEA,IAAAI,QAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAyC,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAA
L,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEzC,MAAMW,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAM;IAAEC;EAAsB,CAAC,GAAGF,UAAU,CAACG,wBAAwB;EAErE,MAAM,CAACC,MAAM,CAAC,GAAGF,qBAAqB,CACnCG,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACR,cAAc,CAAC,CAAC,CACpES,GAAG,CAAEJ,CAAC,KAAM;IACXC,qBAAqB,EAAE;MAAEC,IAAI,EAAEP;IAAe,CAAC;IAC/CU,MAAM,EAAEL,CAAC,CAACK,MAAM;IAChBH,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACJ,MAAM,EAAE;IACX,MAAM,IAAIQ,KAAK,CAAE,mCAAkCX,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;AAED,MAAMS,2BAA2B,GAAG,MAClCC,GAAW,IAC0B;EACrC,MAAM;IACJC,UAAU,EAAE;MAAEC;IAAQ;EACxB,CAAC,GAAG,MAAM,IAAAC,2BAAkB,EAACH,GAAG,CAAC;;EAEjC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMI,YAAY,GAAGlD,CAAC,CAACmD,MAAM,CAAC;IAAEC,WAAW,EAAEpD,CAAC,CAACqD,MAAM,CAAC;EAAE,CAAC,CAAC;EAC1D,MAAMC,gBAAgB,GAAGtD,CAAC,CAACmD,MAAM,CAAC;IAAEI,IAAI,EAAEvD,CAAC,CAACqD,MAAM,CAAC,CAAC;IAAEG,KAAK,EAAExD,CAAC,CAACqD,MAAM,CAAC;EAAE,CAAC,CAAC;EAE1E,MAAM,CAACI,OAAO,EAAEC,KAAK,CAAC,GAAG,CACvBR,YAAY,CAACS,SAAS,CAACX,OAAO,CAAC,EAC/BM,gBAAgB,CAACK,SAAS,CAACX,OAAO,CAAC,CACpC;EAED,IAAIS,OAAO,CAACG,OAAO,EAAE;IACnB,OAAOH,OAAO,CAACI,IAAI;EACrB,CAAC,MAAM,IAAIH,KAAK,CAACE,OAAO,EAAE;IACxB,OAAO;MAAER,WAAW,EAAE;IAA2B,CAAC;EACpD;EACA,MAAMK,OAAO,CAACK,KAAK;AACrB,CAAC;AAcD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5D/B,UAAU,EACVC,cAAc,EACd+B,GAAG,KACA;EACH,MAAM
;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,qBAAqB;IACrBC,gBAAgB,GAAG,CAAC,CAAC;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGN,GAAG;EACP,MAAMO,QAAQ,GAAG,MAAMN,gBAAgB,CAACO,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,MAAMC,YAAY,GAAI,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;EACnC;EACA,MAAMC,MAAM,GACV/C,UAAU,CAACG,wBAAwB,CAAC6C,qCAAqC;EAC3E,MAAMC,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAEjB,gBAAgB;IAAEI;EAAS,CAAC,CAAC;EAC7D,MAAMc,gBAAgB,GAAG,MAAMF,MAAM,CACnCV,QAAQ,EACRK,YAAY,EACZT,qBAAqB,EACrBY,MAAM,EACNb,yBAAyB,EACzB,CAACnC,0BAA0B,CAACC,UAAU,EAAEC,cAAc,CAAC,CAAC,EACxDmD,qBACF,CAAC;;EAED;EACA,MAAMC,oBAAoB,GACxBrD,UAAU,CAACG,wBAAwB,CAACmD,sBAAsB;EAC5D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAElB,QAAQ;IACnBnB,WAAW,EAAE+B,gBAAgB;IAC7B,GAAGf;EACL,CAAC,CAAC;EAEF,MAAM;IAAEhB;EAAY,CAAC,GAAG,MAAMiB,QAAQ,CAAE,GAAEgB,oBAAqB,IAAGE,MAAO,EAAC,CAAC,CACxEd,IAAI,CAAC,IAAAiB,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBjB,IAAI,CAAEkB,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBnB,IAAI,CAAC5B,2BAA2B,CAAC;EAEpC,OAAO;IAAEgD,UAAU,EAAEzC,WAAW;IAAEmB;EAAS,CAAC;AAC9C,CAAC;AAACuB,OAAA,CAAA/B,sBAAA,GAAAA,sBAAA"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":""}
|
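--- a/package/lib/commonjs/credential/issuance/05-authorize-access.js
+++ b/package/lib/commonjs/credential/issuance/05-authorize-access.js
@@ -0,0 +1,63 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.authorizeAccess = void 0;
+var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
+var _crypto = require("../../utils/crypto");
+var _dpop = require("../../utils/dpop");
+var _misc = require("../../utils/misc");
+var _const = require("./const");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+/**
+* Obtain the access token to finally request the credential
+*
+* @param issuerConf The Issuer configuration
+* @param code The access code from the User authorization phase
+* @param clientId Identifies the current client across all the requests of the issuing flow
+* @param context.walletInstanceAttestation The Wallet Instance Attestation token
+* @param context.walletProviderBaseUrl The base url of the Wallet Provider
+* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+* @returns
+*/
+const authorizeAccess = async (issuerConf, code, clientId, context) => {
+const {
+appFetch = fetch,
+walletInstanceAttestation,
+walletProviderBaseUrl
+} = context;
+const tokenUrl = issuerConf.openid_credential_issuer.token_endpoint;
+
+// Use an ephemeral key to be destroyed after use
+const signedDPop = await (0, _crypto.withEphemeralKey)(ephemeralContext => (0, _dpop.createDPopToken)({
+htm: "POST",
+htu: tokenUrl,
+jti: `${_reactNativeUuid.default.v4()}`
+}, ephemeralContext));
+const codeVerifier = `${_reactNativeUuid.default.v4()}`;
+const requestBody = {
+grant_type: "authorization code",
+client_id: clientId,
+code,
+code_verifier: codeVerifier,
+client_assertion_type: _const.ASSERTION_TYPE,
+client_assertion: walletInstanceAttestation,
+redirect_uri: walletProviderBaseUrl
+};
+var formBody = new URLSearchParams(requestBody);
+return appFetch(tokenUrl, {
+method: "POST",
+headers: {
+"Content-Type": "application/x-www-form-urlencoded",
+DPoP: signedDPop
+},
+body: formBody.toString()
+}).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(body => ({
+accessToken: body.access_token,
+nonce: body.c_nonce,
+clientId
+}));
+};
+exports.authorizeAccess = authorizeAccess;
+//# sourceMappingURL=05-authorize-access.js.map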
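Review bot: The `code_verifier` sent to the token endpoint is a fresh `uuid.v4()` created on line 38, so it cannot correspond to any `code_challenge` presented during user authorization, and at 36 characters it is shorter than the 43-character minimum in RFC 7636; as written PKCE does not bind the code to this client. The verifier should be generated before the authorization request from a CSPRNG, carried through the flow and passed into `authorizeAccess` rather than minted here. Line 40 also sends `grant_type: "authorization code"`, while the registered value is `authorization_code` (RFC 6749 §4.1.3); if the issuer currently accepts the spaced form, that is worth confirming rather than relying on. The token response is read without validation (`body.access_token`, `body.c_nonce`), unlike the zod schema used in 06-obtain-credential.js, so a malformed response yields `undefined` values downstream. This file is compiled output; the changes belong in `credential/issuance/05-authorize-access.ts` under the source root.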
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["_reactNativeUuid","_interopRequireDefault","require","_crypto","_dpop","_misc","_const","obj","__esModule","default","authorizeAccess","issuerConf","code","clientId","context","appFetch","fetch","walletInstanceAttestation","walletProviderBaseUrl","tokenUrl","openid_credential_issuer","token_endpoint","signedDPop","withEphemeralKey","ephemeralContext","createDPopToken","htm","htu","jti","uuid","v4","codeVerifier","requestBody","grant_type","client_id","code_verifier","client_assertion_type","ASSERTION_TYPE","client_assertion","redirect_uri","formBody","URLSearchParams","method","headers","DPoP","body","toString","then","hasStatus","res","json","accessToken","access_token","nonce","c_nonce","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AAEA,IAAAG,KAAA,GAAAH,OAAA;AAEA,IAAAI,MAAA,GAAAJ,OAAA;AAAyC,SAAAD,uBAAAM,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAqBzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,QAAQ,EACRC,OAAO,KAC+D;EACtE,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC;EACF,CAAC,GAAGJ,OAAO;EAEX,MAAMK,QAAQ,GAAGR,UAAU,CAACS,wBAAwB,CAACC,cAAc;;EAEnE;EACA,MAAMC,UAAU,GAAG,MAAM,IAAAC,wBAAgB,EAAEC,gBAAgB,IACzD,IAAAC,qBAAe,EACb;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAER,QAAQ;IACbS,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDN,gBACF,CACF,CAAC;EAED,MAAMO,YAAY,GAAI,GAAEF,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;EACnC,MAAME,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCC,SAAS,EAAErB,QAAQ;IACnBD,IAAI;IACJuB,aAAa,EAAEJ,YAAY;IAC3BK,qBAAqB,EAAEC,qBAAc;IACrCC,gBAAgB,EAAErB,yBAAyB;IAC3CsB,YAAY,EAAErB;EAChB,CAAC;EACD,IAAIsB,QAAQ,GAAG,IAAIC,eAAe,CAACT,WAAW,CAAC;EAE/C,OAAOjB,QAAQ,CAACI,QAAQ,EAAE;IACxBuB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEtB;IACR,CAAC;IACDuB,IAAI,EAAEL,QAAQ,CAACM,QAAQ
,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEF,IAAI,KAAM;IACfM,WAAW,EAAEN,IAAI,CAACO,YAAY;IAC9BC,KAAK,EAAER,IAAI,CAACS,OAAO;IACnBzC;EACF,CAAC,CAAC,CAAC;AACP,CAAC;AAAC0C,OAAA,CAAA7C,eAAA,GAAAA,eAAA"}
|
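--- a/package/lib/commonjs/credential/issuance/06-obtain-credential.js
+++ b/package/lib/commonjs/credential/issuance/06-obtain-credential.js
@@ -0,0 +1,128 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.obtainCredential = exports.createNonceProof = void 0;
+var z = _interopRequireWildcard(require("zod"));
+var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _sdJwt = require("../../sd-jwt");
+var _dpop = require("../../utils/dpop");
+var _misc = require("../../utils/misc");
+var _types = require("../../sd-jwt/types");
+var _errors = require("../../utils/errors");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+/**
+* Return the signed jwt for nonce proof of possession
+*/
+const createNonceProof = async (nonce, issuer, audience, ctx) => {
+return new _ioReactNativeJwt.SignJWT(ctx).setPayload({
+nonce,
+jwk: await ctx.getPublicKey()
+}).setProtectedHeader({
+type: "openid4vci-proof+jwt"
+}).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
+};
+
+/**
+* Given a credential, verify it's in the supported format
+* and the credential is correctly signed
+* and it's bound to the given key
+*
+* @param rawCredential The received credential
+* @param issuerKeys The set of public keys of the issuer,
+* which will be used to verify the signature
+* @param holderBindingContext The access to the holder's key
+*
+* @throws If the signature verification fails
+* @throws If the credential is not in the SdJwt4VC format
+* @throws If the holder binding is not properly configured
+*
+*/
+exports.createNonceProof = createNonceProof;
+async function verifyCredential(rawCredential, issuerKeys, holderBindingContext) {
+const [{
+sdJwt
+}, holderBindingKey] =
+// parallel for optimization
+await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
+if (!sdJwt.payload.cnf.jwk.kid || sdJwt.payload.cnf.jwk.kid !== holderBindingKey.kid) {
+throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${sdJwt.payload.cnf.jwk.kid}`);
+}
+}
+const CredentialEndpointResponse = z.object({
+credential: z.string(),
+format: z.literal("vc+sd-jwt")
+});
+/**
+* Fetch a credential from the issuer
+*
+* @param issuerConf The Issuer configuration
+* @param accessToken The access token to grant access to the credential, obtained with the access authorization step
+* @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
+* @param clientId Identifies the current client across all the requests of the issuing flow
+* @param credentialType The type of the credential to be requested
+* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
+* @param context.walletProviderBaseUrl The base url of the Wallet Provider
+* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+* @returns The signed credential token
+*/
+const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, context) => {
+const {
+credentialCryptoContext,
+walletProviderBaseUrl,
+appFetch = fetch
+} = context;
+const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
+
+/** DPoP token for demonstating the possession
+of the key that will bind the holder User with the Credential
+@see https://datatracker.ietf.org/doc/html/rfc9449 */
+const signedDPopForPid = await (0, _dpop.createDPopToken)({
+htm: "POST",
+htu: credentialUrl,
+jti: `${_reactNativeUuid.default.v4()}`
+}, credentialCryptoContext);
+
+/** JWT proof token to bind the request nonce
+to the key that will bind the holder User with the Credential
+@see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types */
+const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, credentialCryptoContext);
+
+/** The credential request body */
+const formBody = new URLSearchParams({
+credential_definition: JSON.stringify({
+type: [credentialType]
+}),
+format: "vc+sd-jwt",
+proof: JSON.stringify({
+jwt: signedNonceProof,
+proof_type: "jwt"
+})
+});
+const {
+credential,
+format
+} = await appFetch(credentialUrl, {
+method: "POST",
+headers: {
+"Content-Type": "application/x-www-form-urlencoded",
+DPoP: signedDPopForPid,
+Authorization: accessToken
+},
+body: formBody.toString()
+}).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
+
+/** validate the received credential signature
+is correct and refers to the public keys of the issuer */
+await verifyCredential(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
+return {
+credential,
+format
+};
+};
+exports.obtainCredential = obtainCredential;
+//# sourceMappingURL=06-obtain-credential.js.map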
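Review bot: `verifyCredential` (lines 46–55) decides holder binding by comparing only `cnf.jwk.kid` with the local key's `kid`, which is an identifier rather than key material; comparing RFC 7638 thumbprints of the two JWKs would tie the check to the key itself. In `createNonceProof`, line 26 sets the protected header as `type: "openid4vci-proof+jwt"`, but the JOSE header parameter is `typ`, so I would change it to `typ: "openid4vci-proof+jwt"` unless `SignJWT` here maps the name, which the hunk does not show. On line 114 `Authorization: accessToken` carries no auth scheme; RFC 9449 expects `Authorization: DPoP <token>` together with an `ath` claim in the proof, so confirm whether the caller already prefixes the token. The one-hour `setExpirationTime("1h")` is also generous for a nonce-bound proof and could be shortened. These edits belong in `credential/issuance/06-obtain-credential.ts`, since this file is compiled output.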
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_sdJwt","_dpop","_misc","_types","_errors","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","verifyCredential","rawCredential","issuerKeys","holderBindingContext","sdJwt","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","payload","cnf","kid","IoWalletError","CredentialEndpointResponse","object","credential","string","format","literal","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse","jwks","keys"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,KAAA,GAAAN,OAAA;AAGA,IAAAO,MAAA,GAAAP,OAAA;AACA,IAAAQ,OAAA,GAAAR,OAAA;AAAmD,SAAAE,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GA
AAD,iBAAA,KAAAF,WAAA;AAAA,SAAAd,wBAAAU,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAGnD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAdAC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAeA,eAAeiB,gBAAgBA,CAC7BC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACpB;EACf,MAAM,CAAC;IAAEC;EAAM,CAAC,EAAEC,gBAAgB,CAAC;EACjC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACZ,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,IACE,CAACa,KAAK,CAACM,OAAO,CAACC,GAAG,CAACrB,GAAG,CAACsB,GAAG,IAC1BR,KAAK,CAACM,OAAO,CAACC,GAAG,CAACrB,GAAG,CAACsB,GAAG,KAAKP,gBAAgB,CAACO,GAAG,EAClD;IACA,MAAM,IAAIC,qBAAa,CACpB,kDAAiDR,gBAAgB,CAACO,GAAI,UAASR,KAAK,CAACM,OAAO,CAACC,GAAG,CAACrB,GAAG,CAACsB,GAAI,EAC5G,CAAC;EACH;AACF;AAEA,MAAME,0BAA0B,GAAGhE,CAAC,CAACiE,MAAM,CAAC;EAC1CC,UAAU,EAAElE,CAAC,CAACmE,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEpE,CAAC,CAACqE,OAAO,CAAC,WAAW;AAC/B,CAAC,CAAC;AAeF;
AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXtC,KAAK,EACLuC,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,aAAa;IAClBO,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAMzD,gBAAgB,CAC7CC,KAAK,EACLuC,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpCpD,IAAI,EAAE,CAAC+B,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAE,WAAW;IACnB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEhC,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMU,QAAQ,CAACE,aAAa,EAAE;IAC3DmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB,gBAAgB;MACtBmB,aAAa,EAAE9B;IACjB,CAAC;IACD+B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACzC,0BAA0B,CAAC6C,KAAK,CAAC;;EAEzC;AACF;EACE,MAAM3D,gBAAgB,CACpBgB,UAAU,EACVK,UAAU,CAACU,wBAAwB,CAAC6B,IAAI,CAACC,IAAI,EAC7CnC,uBACF,CAAC;EAED,OAAO;IAAEV,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC;AAACnB,OAAA,CAAAqB,gBAAA,GAAAA,gBAAA"}
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/07-confirm-credential.ts"],"mappings":""}
|
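--- a/package/lib/commonjs/credential/issuance/const.js
+++ b/package/lib/commonjs/credential/issuance/const.js
@@ -0,0 +1,9 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.ASSERTION_TYPE = void 0;
+const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
+exports.ASSERTION_TYPE = ASSERTION_TYPE;
+//# sourceMappingURL=const.js.map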
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["ASSERTION_TYPE","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAO,MAAMA,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA"}
|
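--- a/package/lib/commonjs/credential/issuance/index.js
+++ b/package/lib/commonjs/credential/issuance/index.js
@@ -0,0 +1,34 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+Object.defineProperty(exports, "authorizeAccess", {
+enumerable: true,
+get: function () {
+return _authorizeAccess.authorizeAccess;
+}
+});
+Object.defineProperty(exports, "evaluateIssuerTrust", {
+enumerable: true,
+get: function () {
+return _evaluateIssuerTrust.evaluateIssuerTrust;
+}
+});
+Object.defineProperty(exports, "obtainCredential", {
+enumerable: true,
+get: function () {
+return _obtainCredential.obtainCredential;
+}
+});
+Object.defineProperty(exports, "startUserAuthorization", {
+enumerable: true,
+get: function () {
+return _startUserAuthorization.startUserAuthorization;
+}
+});
+var _evaluateIssuerTrust = require("./02-evaluate-issuer-trust");
+var _startUserAuthorization = require("./03-start-user-authorization");
+var _authorizeAccess = require("./05-authorize-access");
+var _obtainCredential = require("./06-obtain-credential");
+//# sourceMappingURL=index.js.map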
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAKA,IAAAE,gBAAA,GAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA"}
|
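--- a/package/lib/commonjs/credential/presentation/01-start-flow.js
+++ b/package/lib/commonjs/credential/presentation/01-start-flow.js
@@ -0,0 +1,55 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.startFlowFromQR = void 0;
+var z = _interopRequireWildcard(require("zod"));
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("../../utils/errors");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const QRCodePayload = z.object({
+protocol: z.string(),
+resource: z.string(),
+// TODO: refine to known paths using literals
+clientId: z.string(),
+requestURI: z.string()
+});
+
+/**
+* The beginning of the presentation flow.
+* To be implemented accordind to the user touchpoint
+*
+* @param Optional parameters, depending on the starting touchoint
+* @returns The url for the Relying Party to connect with
+*/
+
+/**
+* Start a presentation flow by decoding an incoming QR-code
+*
+* @param qrcode The encoded QR-code content
+* @returns The url for the Relying Party to connect with
+* @throws If the provided qr code fails to be decoded
+*/
+const startFlowFromQR = async qrcode => {
+const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
+const decodedUrl = new URL(decoded);
+const protocol = decodedUrl.protocol;
+const resource = decodedUrl.hostname;
+const requestURI = decodedUrl.searchParams.get("request_uri");
+const clientId = decodedUrl.searchParams.get("client_id");
+const result = QRCodePayload.safeParse({
+protocol,
+resource,
+requestURI,
+clientId
+});
+if (result.success) {
+return result.data;
+} else {
+throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
+}
+};
+exports.startFlowFromQR = startFlowFromQR;
+//# sourceMappingURL=01-start-flow.js.map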
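Review bot: The QR content is untrusted, yet `QRCodePayload` (lines 12–18) accepts any string for `requestURI`, `clientId`, `protocol` and `resource`, so whatever scheme and host the code carries is handed to the next step of the flow. I would constrain the schema, for example `requestURI: z.string().url()` plus an `https:` check, and pin `protocol`/`resource` to the expected literals as the TODO on line 15 already suggests. `new URL(decoded)` on line 37 runs before the schema and throws a plain `TypeError` on malformed input, so callers that catch `AuthRequestDecodeError` per the `@throws` doc will miss that case; wrapping lines 36–37 in a try/catch that rethrows `AuthRequestDecodeError` would make the contract hold. This is compiled output, so the change belongs in the TypeScript source.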
|